Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e18e1671 by security tracker role at 2021-05-27T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2021-33603
+       RESERVED
+CVE-2021-33602
+       RESERVED
+CVE-2021-33601
+       RESERVED
+CVE-2021-33600
+       RESERVED
+CVE-2021-33599
+       RESERVED
+CVE-2021-33598
+       RESERVED
+CVE-2021-33597
+       RESERVED
+CVE-2021-33596
+       RESERVED
+CVE-2021-33595
+       RESERVED
+CVE-2021-33594
+       RESERVED
+CVE-2021-33593
+       RESERVED
+CVE-2021-33592
+       RESERVED
+CVE-2021-33591
+       RESERVED
+CVE-2021-33590 (GattLib 0.3-rc1 has a stack-based buffer over-read in 
get_device_path_ ...)
+       TODO: check
+CVE-2021-33589
+       RESERVED
 CVE-2021-33588
        RESERVED
 CVE-2021-33587
@@ -79,8 +109,8 @@ CVE-2021-33560
        RESERVED
 CVE-2021-33559
        RESERVED
-CVE-2021-33558
-       RESERVED
+CVE-2021-33558 (Boa 0.94.13 allows remote attackers to obtain sensitive 
information vi ...)
+       TODO: check
 CVE-2021-33557
        RESERVED
 CVE-2021-33556
@@ -421,8 +451,8 @@ CVE-2021-33396
        RESERVED
 CVE-2021-33395
        RESERVED
-CVE-2021-33394
-       RESERVED
+CVE-2021-33394 (Cubecart 6.4.2 allows Session Fixation. The application does 
not gener ...)
+       TODO: check
 CVE-2021-33393
        RESERVED
 CVE-2021-33392
@@ -826,8 +856,7 @@ CVE-2021-33202
        RESERVED
 CVE-2021-33201
        RESERVED
-CVE-2021-33200
-       RESERVED
+CVE-2021-33200 (kernel/bpf/verifier.c in the Linux kernel through 5.12.7 
enforces inco ...)
        - linux <unfixed>
        [buster] - linux <not-affected> (Vulnerable code not present)
        [stretch] - linux <not-affected> (Vulnerable code not present)
@@ -2027,12 +2056,12 @@ CVE-2021-32647
        RESERVED
 CVE-2021-32646
        RESERVED
-CVE-2021-32645
-       RESERVED
+CVE-2021-32645 (Tenancy multi-tenant is an open source multi-domain controller 
for the ...)
+       TODO: check
 CVE-2021-32644
        RESERVED
-CVE-2021-32643
-       RESERVED
+CVE-2021-32643 (Http4s is a Scala interface for HTTP services. 
`StaticFile.fromUrl` ca ...)
+       TODO: check
 CVE-2021-32642 [add result validation to dyndisc example scripts]
        RESERVED
        - radsecproxy 1.8.2-4 (unimportant)
@@ -2513,10 +2542,10 @@ CVE-2021-32461
        RESERVED
 CVE-2021-32460
        RESERVED
-CVE-2021-32459
-       RESERVED
-CVE-2021-32458
-       RESERVED
+CVE-2021-32459 (A hard-coded password vulnerability exists in the SFTP Log 
Collection  ...)
+       TODO: check
+CVE-2021-32458 (A privilege escalation vulnerability exists in the tdts.ko 
chrdev_ioct ...)
+       TODO: check
 CVE-2021-32457 (A privilege escalation vulnerability exists in the tdts.ko 
chrdev_ioct ...)
        NOT-FOR-US: Trend Micro
 CVE-2021-32456 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with 
access t ...)
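Review bot: CVE-2021-32458 is added with `TODO: check`, but its visible description ("A privilege escalation vulnerability exists in the tdts.ko chrdev_ioct ...") is identical to that of CVE-2021-32457 directly below it, which is already tagged `NOT-FOR-US: Trend Micro`. If the full description confirms the same product, CVE-2021-32458 should get the same tag. CVE-2021-32459 names no product in the truncated text, so its full description has to be read before it is tagged.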
@@ -4173,8 +4202,7 @@ CVE-2021-31810
        RESERVED
 CVE-2021-31809
        RESERVED
-CVE-2021-31808
-       RESERVED
+CVE-2021-31808 (An issue was discovered in Squid before 4.15 and 5.x before 
5.0.6. Due ...)
        - squid <unfixed> (bug #989043)
        - squid3 <removed>
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
@@ -4185,8 +4213,7 @@ CVE-2021-31807
        - squid3 <removed>
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
        NOTE: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
-CVE-2021-31806
-       RESERVED
+CVE-2021-31806 (An issue was discovered in Squid before 4.15 and 5.x before 
5.0.6. Due ...)
        - squid <unfixed> (bug #989043)
        - squid3 <removed>
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
@@ -4748,8 +4775,7 @@ CVE-2021-31537 (SIS SIS-REWE Go before 7.7 SP17 allows 
XSS: rewe/prod/web/index.
        NOT-FOR-US: SIS-REWE Go
 CVE-2021-31536
        RESERVED
-CVE-2021-31535
-       RESERVED
+CVE-2021-31535 (LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 
might a ...)
        {DSA-4920-1 DLA-2666-1}
        - libx11 2:1.7.1-1 (bug #988737)
        NOTE: 
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605
@@ -4775,8 +4801,7 @@ CVE-2021-31527
        RESERVED
 CVE-2021-31526
        RESERVED
-CVE-2021-31525 [net/http: ReadRequest can stack overflow]
-       RESERVED
+CVE-2021-31525 (net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows 
remote a ...)
        - golang-1.16 1.16.4-1
        - golang-1.15 1.15.9-2
        - golang-1.11 <removed>
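Review bot: with the description now stating that net/http is affected "before 1.15.12", the unchanged line `- golang-1.15 1.15.9-2` records a fixed version lower than the release the description names. If 1.15.9-2 carries a backported patch, add a NOTE under CVE-2021-31525 saying so, so that the entry does not read as a wrong fixed version.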
@@ -5648,16 +5673,13 @@ CVE-2021-31157
        RESERVED
 CVE-2021-31156
        RESERVED
-CVE-2021-31155
-       RESERVED
+CVE-2021-31155 (Failure to normalize the umask in please before 0.4 allows a 
local att ...)
        - rust-pleaser 0.4.1-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1
-CVE-2021-31154
-       RESERVED
+CVE-2021-31154 (pleaseedit in please before 0.4 uses predictable temporary 
filenames i ...)
        - rust-pleaser 0.4.1-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1
-CVE-2021-31153
-       RESERVED
+CVE-2021-31153 (please before 0.4 allows a local unprivileged attacker to gain 
knowled ...)
        - rust-pleaser 0.4.1-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1
 CVE-2021-31152 (Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site 
request ...)
@@ -7319,8 +7341,7 @@ CVE-2021-30467
        RESERVED
 CVE-2021-30466
        RESERVED
-CVE-2021-30465
-       RESERVED
+CVE-2021-30465 (runc before 1.0.0-rc95 allows a Container Filesystem Breakout 
via Dire ...)
        - runc 1.0.0~rc93+ds1-5 (bug #988768)
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/19/2
        NOTE: 
https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r
@@ -11611,8 +11632,7 @@ CVE-2021-28664 (The Arm Mali GPU kernel driver allows 
privilege escalation or a
        NOT-FOR-US: ARM components for Android
 CVE-2021-28663 (The Arm Mali GPU kernel driver allows privilege escalation or 
informat ...)
        NOT-FOR-US: ARM components for Android
-CVE-2021-28662
-       RESERVED
+CVE-2021-28662 (An issue was discovered in Squid 4.x before 4.15 and 5.x 
before 5.0.6. ...)
        - squid <unfixed> (bug #988891)
        NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h
        NOTE: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-b1c37c9e7b30d0efb5e5ccf8200f2a646b9c36f8.patch
@@ -11663,14 +11683,12 @@ CVE-2021-28654
        RESERVED
 CVE-2021-28653 (The iOS and macOS apps before 1.4.1 for the Western Digital 
G-Technolo ...)
        NOT-FOR-US: iOS and macOS apps for the Western Digital G-Technology 
ArmorLock NVMe SSD
-CVE-2021-28652
-       RESERVED
+CVE-2021-28652 (An issue was discovered in Squid before 4.15 and 5.x before 
5.0.6. Due ...)
        - squid <unfixed> (bug #988892)
        - squid3 <removed>
        NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447
        NOTE: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-0003e3518dc95e4b5ab46b5140af79b22253048e.patch
-CVE-2021-28651
-       RESERVED
+CVE-2021-28651 (An issue was discovered in Squid before 4.15 and 5.x before 
5.0.6. Due ...)
        - squid <unfixed> (bug #988893)
        - squid3 <removed>
        NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4
@@ -14391,24 +14409,24 @@ CVE-2021-27498
        RESERVED
 CVE-2021-27497
        RESERVED
-CVE-2021-27496
-       RESERVED
+CVE-2021-27496 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, 
Step3dRead, ...)
+       TODO: check
 CVE-2021-27495
        RESERVED
-CVE-2021-27494
-       RESERVED
+CVE-2021-27494 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, 
Step3dRead, ...)
+       TODO: check
 CVE-2021-27493
        RESERVED
-CVE-2021-27492
-       RESERVED
+CVE-2021-27492 (When opening a specially crafted 3DXML file, the application 
containin ...)
+       TODO: check
 CVE-2021-27491
        RESERVED
-CVE-2021-27490
-       RESERVED
+CVE-2021-27490 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, 
Step3dRead, ...)
+       TODO: check
 CVE-2021-27489
        RESERVED
-CVE-2021-27488
-       RESERVED
+CVE-2021-27488 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, 
Step3dRead, ...)
+       TODO: check
 CVE-2021-27487
        RESERVED
 CVE-2021-27486 (FATEK Automation WinProladder Versions 3.30 and prior is 
vulnerable to ...)
@@ -14984,7 +15002,7 @@ CVE-2021-27233 (An issue was discovered in Mutare Voice 
(EVM) 3.x before 3.3.8.
        NOT-FOR-US: Mutare Voice (EVM)
 CVE-2021-27232 (The RTSPLive555.dll ActiveX control in Pelco Digital Sentry 
Server 7.1 ...)
        NOT-FOR-US: Pelco Digital Sentry Server
-CVE-2021-27231 (Hestia Control Panel through 1.3.3, in a shared-hosting 
environment, s ...)
+CVE-2021-27231 (Hestia Control Panel 1.3.5 and below, in a shared-hosting 
environment, ...)
        NOT-FOR-US: Hestia Control Panel
 CVE-2021-27230 (ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP 
Code Inj ...)
        NOT-FOR-US: ExpressionEngine
@@ -25076,16 +25094,16 @@ CVE-2021-22913
        RESERVED
 CVE-2021-22912
        RESERVED
-CVE-2021-22911
-       RESERVED
+CVE-2021-22911 (A improper input sanitization vulnerability exists in 
Rocket.Chat serv ...)
+       TODO: check
 CVE-2021-22910
        RESERVED
-CVE-2021-22909
-       RESERVED
-CVE-2021-22908
-       RESERVED
-CVE-2021-22907
-       RESERVED
+CVE-2021-22909 (A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier 
could a ...)
+       TODO: check
+CVE-2021-22908 (A buffer overflow vulnerability exists in Windows File 
Resource Profil ...)
+       TODO: check
+CVE-2021-22907 (An improper access control vulnerability exists in Citrix 
Workspace Ap ...)
+       TODO: check
 CVE-2021-22906
        RESERVED
 CVE-2021-22905
@@ -25115,10 +25133,10 @@ CVE-2021-22901 [TLS session caching disaster]
        NOTE: https://curl.se/docs/CVE-2021-22901.html
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/a304051620b92e12b6b1b4e19edc57b34ea332b6 
(7.75.0)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479 
(7.77.0)
-CVE-2021-22900
-       RESERVED
-CVE-2021-22899
-       RESERVED
+CVE-2021-22900 (A vulnerability allowed multiple unrestricted uploads in Pulse 
Connect ...)
+       TODO: check
+CVE-2021-22899 (A command injection vulnerability exists in Pulse Connect 
Secure befor ...)
+       TODO: check
 CVE-2021-22898 [TELNET stack contents disclosure]
        RESERVED
        - curl <unfixed>
@@ -25137,14 +25155,14 @@ CVE-2021-22896
        RESERVED
 CVE-2021-22895
        RESERVED
-CVE-2021-22894
-       RESERVED
+CVE-2021-22894 (A buffer overflow vulnerability exists in Pulse Connect Secure 
before  ...)
+       TODO: check
 CVE-2021-22893 (Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to 
an authen ...)
        NOT-FOR-US: Pulse Connect Secure
-CVE-2021-22892
-       RESERVED
-CVE-2021-22891
-       RESERVED
+CVE-2021-22892 (An information disclosure vulnerability exists in the 
Rocket.Chat serv ...)
+       TODO: check
+CVE-2021-22891 (A missing authorization vulnerability exists in Citrix 
ShareFile Stora ...)
+       TODO: check
 CVE-2021-22890 (curl 7.63.0 to and including 7.75.0 includes vulnerability 
that allows ...)
        {DSA-4881-1}
        - curl 7.74.0-1.2 (bug #986270)
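Review bot: CVE-2021-22894 is added with `TODO: check` directly above CVE-2021-22893, which is tagged `NOT-FOR-US: Pulse Connect Secure`, and its description names the same product, so it can take the same tag when the TODOs are triaged. CVE-2021-22892 names Rocket.Chat, for which CVE-2021-22886 further down this list already uses `NOT-FOR-US: Rocket.Chat`.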
@@ -25159,8 +25177,7 @@ CVE-2021-22887 (A vulnerability in the BIOS of Pulse 
Secure (PSA-Series Hardware
        NOT-FOR-US: BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 
and PSA7000
 CVE-2021-22886 (Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to 
persist ...)
        NOT-FOR-US: Rocket.Chat
-CVE-2021-22885 [Possible Information Disclosure / Unintended Method Execution 
in Action Pack]
-       RESERVED
+CVE-2021-22885 (A possible information disclosure / unintended method 
execution vulner ...)
        {DLA-2655-1}
        - rails 2:6.0.3.7+dfsg-1 (bug #988214)
        NOTE: 
https://github.com/rails/rails/commit/c4c21a9f8d7c9c8ca6570bdb82d64e2dc860e62c 
(main)
@@ -26293,8 +26310,8 @@ CVE-2021-22413
        RESERVED
 CVE-2021-22412
        RESERVED
-CVE-2021-22411
-       RESERVED
+CVE-2021-22411 (There is an out-of-bounds write vulnerability in some Huawei 
products. ...)
+       TODO: check
 CVE-2021-22410
        RESERVED
 CVE-2021-22409 (There is a denial of service vulnerability in some versions of 
ManageO ...)
@@ -26387,20 +26404,20 @@ CVE-2021-22366
        RESERVED
 CVE-2021-22365
        RESERVED
-CVE-2021-22364
-       RESERVED
+CVE-2021-22364 (There is a denial of service vulnerability in the versions 
10.1.0.126( ...)
+       TODO: check
 CVE-2021-22363
        RESERVED
-CVE-2021-22362
-       RESERVED
+CVE-2021-22362 (There is an out of bounds write vulnerability in some Huawei 
products. ...)
+       TODO: check
 CVE-2021-22361
        RESERVED
-CVE-2021-22360
-       RESERVED
-CVE-2021-22359
-       RESERVED
-CVE-2021-22358
-       RESERVED
+CVE-2021-22360 (There is a resource management error vulnerability in the 
verisions V5 ...)
+       TODO: check
+CVE-2021-22359 (There is a denial of service vulnerability in the verisions 
V200R005C0 ...)
+       TODO: check
+CVE-2021-22358 (There is an insufficient input validation vulnerability in 
FusionCompu ...)
+       TODO: check
 CVE-2021-22357
        RESERVED
 CVE-2021-22356
@@ -26927,8 +26944,8 @@ CVE-2021-22120
        RESERVED
 CVE-2021-22119
        RESERVED
-CVE-2021-22118
-       RESERVED
+CVE-2021-22118 (In Spring Framework, versions 5.2.x prior to 5.2.15 and 
versions 5.3.x ...)
+       TODO: check
 CVE-2021-22117 (RabbitMQ installers on Windows prior to version 3.8.16 do not 
harden p ...)
        - rabbitmq-server <not-affected> (Windows-specific)
 CVE-2021-22116
@@ -31597,8 +31614,8 @@ CVE-2021-20729
        RESERVED
 CVE-2021-20728
        RESERVED
-CVE-2021-20727
-       RESERVED
+CVE-2021-20727 (Cross-site scripting vulnerability in Zettlr from 0.20.0 to 
1.8.8 allo ...)
+       TODO: check
 CVE-2021-20726 (Untrusted search path vulnerability in The Installer of 
Overwolf 2.168 ...)
        NOT-FOR-US: Overwolf
 CVE-2021-20725 (Reflected cross-site scripting vulnerability in the admin page 
of [Cal ...)
@@ -43649,8 +43666,7 @@ CVE-2020-27834 [attacker can send the same request over 
and over again without c
        NOTE: very scarce/incomplete CVE request from 
http://almorabea.net/cves/zabbix.txt
 CVE-2020-27833 (A Zip Slip vulnerability was found in the oc binary in 
openshift-clien ...)
        NOT-FOR-US: OpenShift
-CVE-2020-27832
-       RESERVED
+CVE-2020-27832 (A flaw was found in Red Hat Quay, where it has a persistent 
Cross-site ...)
        NOT-FOR-US: Quay
 CVE-2020-27831 (A flaw was found in Red Hat Quay, where it does not properly 
protect t ...)
        NOT-FOR-US: Quay
@@ -57228,32 +57244,32 @@ CVE-2020-22036
        RESERVED
 CVE-2020-22035
        RESERVED
-CVE-2020-22034
-       RESERVED
-CVE-2020-22033
-       RESERVED
-CVE-2020-22032
-       RESERVED
-CVE-2020-22031
-       RESERVED
-CVE-2020-22030
-       RESERVED
-CVE-2020-22029
-       RESERVED
+CVE-2020-22034 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 
atlibavfi ...)
+       TODO: check
+CVE-2020-22033 (A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 
at libavf ...)
+       TODO: check
+CVE-2020-22032 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 
at libavf ...)
+       TODO: check
+CVE-2020-22031 (A Heap-based Buffer Overflow vulnerability exists in FFmpeg 
4.2 at lib ...)
+       TODO: check
+CVE-2020-22030 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 
4.2 at lib ...)
+       TODO: check
+CVE-2020-22029 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 
4.2 at lib ...)
+       TODO: check
 CVE-2020-22028 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in 
filter_verticall ...)
        TODO: check
-CVE-2020-22027
-       RESERVED
+CVE-2020-22027 (A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 
in defl ...)
+       TODO: check
 CVE-2020-22026 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in the 
config_input ...)
        TODO: check
-CVE-2020-22025
-       RESERVED
+CVE-2020-22025 (A heap-based Buffer Overflow vulnerability exists in 
gaussian_blur at  ...)
+       TODO: check
 CVE-2020-22024 (Buffer Overflow vulnerability in FFmpeg 4.2 at the 
lagfun_frame16 func ...)
        TODO: check
-CVE-2020-22023
-       RESERVED
-CVE-2020-22022
-       RESERVED
+CVE-2020-22023 (A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 
4.2 in fi ...)
+       TODO: check
+CVE-2020-22022 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 
4.2 in fil ...)
+       TODO: check
 CVE-2020-22021 (Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges 
function i ...)
        TODO: check
 CVE-2020-22020 (Buffer Overflow vulnerability in FFmpeg 4.2 in the 
build_diff_map func ...)
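Review bot: the ten entries added in this hunk are all heap-based buffer overflows, nine of them naming FFmpeg 4.2 in the visible text, and they are interleaved with CVE-2020-22028, CVE-2020-22026, CVE-2020-22024 and CVE-2020-22021, which already sit at `TODO: check`. Triage the whole run together so that each entry ends up with a package line or a not-affected reason, rather than resolving them one at a time. CVE-2020-22025 ("exists in gaussian_blur at ...") does not name the product in the truncated text and needs its full description checked first.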
@@ -57265,10 +57281,10 @@ CVE-2020-22019 (Buffer Overflow vulnerability in 
FFmpeg 4.2 at convolution_y_10b
        TODO: check
 CVE-2020-22018
        RESERVED
-CVE-2020-22017
-       RESERVED
-CVE-2020-22016
-       RESERVED
+CVE-2020-22017 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 
4.2 at ff_ ...)
+       TODO: check
+CVE-2020-22016 (A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at 
libavcodec ...)
+       TODO: check
 CVE-2020-22015 (Buffer Overflow vulnerability in FFmpeg 4.2 in 
mov_write_video_tag due ...)
        - ffmpeg <unfixed>
        [bullseye] - ffmpeg <ignored> (Minor issue)
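Review bot: CVE-2020-22017 and CVE-2020-22016 are added with `TODO: check` immediately above CVE-2020-22015, an FFmpeg 4.2 buffer overflow that already carries `- ffmpeg <unfixed>` and `[bullseye] - ffmpeg <ignored> (Minor issue)`. Both new descriptions also name FFmpeg 4.2, so the TODO should be replaced by an `- ffmpeg` line once the affected versions are confirmed.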
@@ -64882,10 +64898,10 @@ CVE-2020-18232
        RESERVED
 CVE-2020-18231
        RESERVED
-CVE-2020-18230
-       RESERVED
-CVE-2020-18229
-       RESERVED
+CVE-2020-18230 (Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote 
attackers t ...)
+       TODO: check
+CVE-2020-18229 (Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote 
attackers t ...)
+       TODO: check
 CVE-2020-18228
        RESERVED
 CVE-2020-18227
@@ -66344,8 +66360,8 @@ CVE-2020-17516 (Apache Cassandra versions 2.1.0 to 
2.1.22, 2.2.0 to 2.2.19, 3.0.
        - cassandra <itp> (bug #585905)
 CVE-2020-17515 (The "origin" parameter passed to some of the endpoints like 
'/trigger' ...)
        - airflow <itp> (bug #819700)
-CVE-2020-17514
-       RESERVED
+CVE-2020-17514 (Apache Fineract prior to 1.5.0 disables HTTPS hostname 
verification in ...)
+       TODO: check
 CVE-2020-17513 (In Apache Airflow versions prior to 1.10.13, the Charts and 
Query View ...)
        - airflow <itp> (bug #819700)
 CVE-2020-17512
@@ -79603,8 +79619,7 @@ CVE-2020-12405 (When browsing a malicious page, a race 
condition in our SharedWo
 CVE-2020-12404 (For native-to-JS bridging the app requires a unique token to 
be passed ...)
        - firefox <not-affected> (Specific to iOS)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-19/#CVE-2020-12404
-CVE-2020-12403
-       RESERVED
+CVE-2020-12403 (A flaw was found in the way CHACHA20-POLY1305 was implemented 
in NSS i ...)
        {DLA-2388-1}
        - nss 2:3.55-1
        [buster] - nss <no-dsa> (Minor issue)
@@ -85396,8 +85411,7 @@ CVE-2020-10776 (A flaw was found in Keycloak before 
version 12.0.0, where it is
        NOT-FOR-US: Keycloak
 CVE-2020-10775 (An Open redirect vulnerability was found in ovirt-engine 
versions 4.4  ...)
        NOT-FOR-US: ovirt-engine
-CVE-2020-10774
-       RESERVED
+CVE-2020-10774 (A memory disclosure flaw was found in the Linux kernel's 
versions befo ...)
        - linux <not-affected> (Red Hat-specific patch)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1846964
 CVE-2020-10773 (A stack information leak flaw was found in s390/s390x in the 
Linux ker ...)
@@ -85593,8 +85607,7 @@ CVE-2020-10730 (A NULL pointer dereference, or possible 
use-after-free flaw was
        NOTE: https://www.samba.org/samba/security/CVE-2020-10730.html
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14364
        NOTE: 
https://git.samba.org/?p=samba.git;a=commitdiff;h=9dd458956d7af1b4bbe505ba2ab72235e81c27d0
 (for ldb)
-CVE-2020-10729 [two random password lookups in same task return same value]
-       RESERVED
+CVE-2020-10729 (A flaw was found in the use of insufficiently random values in 
Ansible ...)
        - ansible 2.9.6+dfsg-1
        [buster] - ansible <no-dsa> (Minor issue)
        [jessie] - ansible <not-affected> (Vulnerable code introduced later, no 
variables template caching)
@@ -85649,8 +85662,7 @@ CVE-2020-10717 (A potential DoS flaw was found in the 
virtio-fs shared file syst
        [jessie] - qemu <not-affected> (Vulnerable code introduced later)
        NOTE: Introduced in: 
https://git.qemu.org/?p=qemu.git;a=commit;h=01a6dc95ec7f71eeff9963fe3cb03d85225fba3e
 (v5.0.0-rc0)
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00143.html
-CVE-2020-10716
-       RESERVED
+CVE-2020-10716 (A flaw was found in Red Hat Satellite's Job Invocation, where 
the "Use ...)
        NOT-FOR-US: tfm-rubygem-foreman_ansible / Red Hat Satellite's Job 
Invocation
 CVE-2020-10715 (A content spoofing vulnerability was found in the 
openshift/console 3. ...)
        NOT-FOR-US: Openshift Web Console
@@ -85672,8 +85684,7 @@ CVE-2020-10711 (A NULL pointer dereference flaw was 
found in the Linux kernel's
        NOTE: https://www.openwall.com/lists/oss-security/2020/05/12/2
 CVE-2020-10710
        RESERVED
-CVE-2020-10709
-       RESERVED
+CVE-2020-10709 (A security flaw was found in Ansible Tower when requesting an 
OAuth2 t ...)
        - ansible-awx <itp> (bug #908763)
        NOTE: https://github.com/ansible/awx/issues/6630
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1824033
@@ -85708,8 +85719,7 @@ CVE-2020-10702 (A flaw was found in QEMU in the 
implementation of the Pointer Au
        [jessie] - qemu <not-affected> (Vulnerable code introduced later)
        - qemu-kvm <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=de0b1bae6461f67243282555475f88b2384a1eb9
 (v5.0.0-rc0)
-CVE-2020-10701 [guest agent timeout can be set under read-only mode leading to 
DoS]
-       RESERVED
+CVE-2020-10701 (A missing authorization flaw was found in the libvirt API 
responsible  ...)
        - libvirt 6.0.0-7 (bug #955841)
        [buster] - libvirt <not-affected> (Vulnerable code introduced later)
        [stretch] - libvirt <not-affected> (Vulnerable code introduced later)
@@ -85728,11 +85738,9 @@ CVE-2020-10699 (A flaw was found in Linux, in 
targetcli-fb versions 2.1.50 and 2
        NOTE: https://github.com/open-iscsi/targetcli-fb/issues/162
        NOTE: Introduced in: 
https://github.com/open-iscsi/targetcli-fb/commit/ad37f94ae72d0e3d5963ce182e2897c84af9c039
 (v2.1.50)
        NOTE: Fixed by: 
https://github.com/open-iscsi/targetcli-fb/commit/6e4f39357a90a914d11bac21cc2d2b52c07c213d
-CVE-2020-10698
-       RESERVED
+CVE-2020-10698 (A flaw was found in Ansible Tower when running jobs. This flaw 
allows  ...)
        NOT-FOR-US: Ansible Tower
-CVE-2020-10697
-       RESERVED
+CVE-2020-10697 (A flaw was found in Ansible Tower when running Openshift. 
Tower runs a ...)
        NOT-FOR-US: Ansible Tower
 CVE-2020-10696 (A path traversal flaw was found in Buildah in versions before 
1.14.5.  ...)
        - golang-github-containers-buildah 1.11.6-2
@@ -85767,8 +85775,7 @@ CVE-2020-10690 (There is a use-after-free in kernel 
versions before 5.5 due to a
        NOTE: Fixed by: 
https://git.kernel.org/linus/a33121e5487b424339636b25c35d3a180eaa5f5e
 CVE-2020-10689 (A flaw was found in the Eclipse Che up to version 7.8.x, where 
it did  ...)
        NOT-FOR-US: Eclipse Che
-CVE-2020-10688
-       RESERVED
+CVE-2020-10688 (A cross-site scripting (XSS) flaw was found in RESTEasy in 
versions be ...)
        - resteasy <unfixed> (bug #970328)
        - resteasy3.0 <undetermined>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814974
@@ -445378,8 +445385,7 @@ CVE-2008-2546
        REJECTED
 CVE-2008-2545 (Skype 3.6.0.248, and other versions before 3.8.0.139, uses a 
case-sens ...)
        NOT-FOR-US: Skype
-CVE-2008-2544
-       RESERVED
+CVE-2008-2544 (Mounting /proc filesystem via chroot command silently mounts it 
in rea ...)
        - linux <unfixed> (unimportant)
        NOTE: non-issue, cf. 
https://bugzilla.redhat.com/show_bug.cgi?id=449089#c22
 CVE-2008-2543 (The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 
and As ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e18e167100bf57eb3ebb80c78b16eaf557147981

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits